Opened 19 years ago

Closed 19 years ago

Last modified 19 years ago

#2226 closed defect (worksforme)

SuspiciousOperation: User tampered with session cookie exception when used with mod_python

Reported by: nesh at studioquattro co yu Owned by: Adrian Holovaty
Component: Core (Other) Version:
Severity: major Keywords:
Cc: nesh@… Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

This is similar to #1758 but I can't login at all.
Precisely I can login, but after the cookie is created all access to the site returns SuspiciousOperation: User tampered with session cookie.

Clearing the cookies does not help, I can access non-admin parts of the site until I try to log in again.

I'm using Apache 2.0.53 prefork, latest trunk, sqlite database, Python 2.4.1, no proxy, browser cache disabled. DEBUG mode are OFF.

Tested in FF, Safari and Opera.

Same site works with runserver and lighttpd.

Is there any workaround for this? Or I must use fastcgi instead?


Relevant parts from setup.py

# 192.168.0.ZZZ my web server private IP
# 82.XXX.XXX.XXX is my web server public IP
# 192.168.0.XXX is my machine
INTERNAL_IPS = ('192.168.0.XXX', '82.XXX.XXX.XXX', '127.0.0.1', '192.168.0.ZZZ')
SESSION_COOKIE_NAME = 'DJANGO_STAGING_' + SITE_NAME.upper()
MIDDLEWARE_CLASSES = (
    "django.middleware.common.CommonMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    'django.middleware.locale.LocaleMiddleware',
    "django.middleware.doc.XViewMiddleware",
)

vhost entry:

DocumentRoot <project path>/www
ServerName myhost.com
<Directory "<project path>/www">
	allow from all
	Options FollowSymLinks
</Directory>

LogLevel debug
TransferLog riznica.access.log
ServerSignature Off

PythonPath "['<project path>', '/store/contrib', '/store/django'] + sys.path"

PythonInterpreter riznica
PythonDebug On

<Location "/">
    SetHandler python-program
    PythonHandler django.core.handlers.modpython
    SetEnv DJANGO_SETTINGS_MODULE <SITE_NAME>.settings
</Location>

<Location "/media/">
    SetHandler None
</Location>

<Location "/admin-media/">
    SetHandler None
</Location>

<LocationMatch "\.(jpg|gif|png)$">
    SetHandler None
</LocationMatch>
ErrorLog riznica.error.log

Change History (2)

comment:1 by Adrian Holovaty, 19 years ago

Resolution: worksforme
Status: newclosed

This seems to be user error; please bring it up on the django-users mailing list instead of in the ticket system.

Note: See TracTickets for help on using tickets.
Back to Top